CVE-2024-0150

High

Published: 28 January 2025

Published

28 January 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

EPSS Score 0.0006 19.2th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Description

NVIDIA GPU display driver for Windows and Linux contains a vulnerability where data is written past the end or before the beginning of a buffer. A successful exploit of this vulnerability might lead to information disclosure, denial of service, or data tampering.

Security Summary

CVE-2024-0150 affects the NVIDIA GPU display driver for Windows and Linux. The vulnerability involves data being written past the end or before the beginning of a buffer, corresponding to CWE-787 (Out-of-bounds Write). It carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) and was published on 2025-01-28.

A local attacker with low privileges can exploit this issue with low attack complexity and no user interaction. Successful exploitation might result in information disclosure, denial of service, or data tampering, particularly impacting integrity and availability with high severity but no confidentiality impact.

The NVIDIA security advisory provides details on mitigation and patches at https://nvidia.custhelp.com/app/answers/detail/a_id/5614.

Details

CWE(s): CWE-787

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5614
psirt@nvidia.com